Thank you for Subscribing to Enterprise Security Mag Weekly Brief

Blockchain Security Implications for the Industrial Internet

By Mike Gault, CEO, Guardtime

Mike Gault, CEO, Guardtime

In January of this year when John Chambers, CEO of Cisco, pegged the “Internet of Everything” as a future seventeen trillion USD market many people scoffed. However, in one area, the Industrial Internet, they were being conservative. The Industrial Internet, or the convergence of the global industrial system with the power of advanced computing, analytics and low cost sensing is bringing us to a threshold of a new era of innovation. Connecting the digital world with the world of machines holds the potential to bring about profound transformation to global industry, bringing greater speed and efficiency to industries as diverse as automotive, aviation, energy, power and health-care.

“A system would imply for accountability and transparency for global society that would transform our society from trust based to truth based Learning from Internet History”

“Those who cannot remember the past are condemned to repeat it” - George Santayana

When the inventors of the Internet implemented their ideas for communication they weren’t thinking about security. Indeed at that time there was little justification for thinking about security and no one could ever have predicted the profound impact and trillion dollar industries that have been built based on their invention. The reality is that there has been little fundamental innovation in security over the last 40 years. Public Key Infrastructure (PKI) still remains the only tool in the cryptographic toolshed for authenticating data, but the model is based on centralized trust authorities which are in direct opposition to distributed open systems such as the Internet. PKI was invented so that two parties can share a secret across an insecure channel–and for that purpose it has been a massive success, as implemented in protocols such as TLS. For everything else and especially for authentication of data, the complexities and cost of key management make it impossible to scale.

The reality is that for the Industrial Internet System Integrity (anti-tamper) is much more important than confidentiality. Let’s consider some examples.

Enter the Blockchain

One of the most significant trends over the last few years, (spearheaded by Bitcoin) has been the move away from centralized trust authorities to decentralized "consensus" trust models–assertions about what is and what is not true can be verified independently using a public ledger built using consensus based decision making.

Keyless Signature Infrastructure (KSI) is an example of a blockchain technology optimized for the Industrial Internet–trusted parties are eliminated for verifying the integrity and provenance of both infrastructure components and data generated from that infrastructure. If we think of the Industrial Internet as a giant logistics platform for data, then we can think of a transaction as a transport or processing of data. Data is generated from sensors (network), processed (compute) and kept for reuse at a later date (storage).

Imagine if the Blockchain contained every data transaction-every transport, compute and storage of data, i.e. every step in the data supply chain. The truth would be inside the block chain, which can be used to verify the status of infrastructure and provide complete chain of custody for all data that was generated and transmitted through that infrastructure. Everyone can independently verify the status of that infrastructure and any change would indicate a breach–which can be acted upon in real-time. It is security based on different assumptions-but those assumptions provide a level of empirical verifiability that has not been possible to date. Subsequently, with this real-time awareness, incident response, data-loss prevention, investigation, and/or network resilience it is now possible to detect and react to any misconfiguration, network and/ or component/application failure.

Implementing the Blockchain

A Blockchain security system for the Industrial Internet would give complete traceability, accountability and transparency, organizations that are either using or administrating the Industrial Internet can be held responsible for their actions. Regulators get to audit all processes and everyone involved can verify what happened after the fact—and act in real time when things go wrong.

Of course a reasonable question to ask would be whether such a system could be built in reality. Billions of data transactions every second that would need to be entered into the blockchain and distributed out to the edge. The implied network, storage and compute requirements would make it impossible to scale–but these are precisely the challenges KSI was invented to solve.

Now here's a thought-imagine if that blockchain wasn't just for one Industrial network-but for all networks, and all data-every transport, compute and storage of data across all networks in the world. Imagine what such as a system would imply for accountability and transparency for global society. It would transform our society from one that is trust based to one that is truth based, i.e. humans can choose to trust each other, but they can also verify; they can prove what happened without trusting anyone.